CRM Gains Attention as Sarbanes-Oxley Compliance Medium

Whether one believes that the scandals at high-flyers like Enron and Worldcom were endemic to modern enterprise or the acts of a few bad apples, the financial and legal fallout has cast a wide net on business operations today. As a growing number of firms are called to comply with new disclosure and management control acts like Sarbanes-Oxley (SOX, also referred to as Sarbox), enterprise software developers are tailoring their products to better meet the needs of compliance officers and the stricter accounting guidelines. Just today, NetSuite rolled out two new advanced financial modules, with an improved checks-and-balances rule engine governing changes to revenue and reporting information, and other CRM developers are taking the opportunity to position their solutions as a crucial part of compliance. On the face of the problem SOX may appear to be a matter of accounting--a matter for the CFO's direct reporting organization only. "Sarbanes-Oxley is not about CRM or ERP or general ledger specifically. It's about business process, and putting controls on business processes so you can have visibility into transactions that are auditable and controlled," says John van Decker, senior vice president at META Group. "Wherever there are financial controls, authorizations, or contracts... or wherever accounting details are generated [applies]." Customer-facing strategists will likely be called upon as part of a compliance effort to ensure that there are no financial control gaps in their processes, including the sales and service operations. "An order entry that goes into a CRM system, if not controlled, is an opportunity for fraud," Van Decker says. Companies are responsible to ensure that resources do not fraudulently leave the company, whether through the controller's office or through a sales order. "Ideally, not much should change, and companies that are at best practice [already] will have little to do. But if allowances are given to a customer, there perhaps needs to be more control on that process--an approval process so that you reduce your opportunities for fraud." The data transparency prescribed by SOX has also proven fertile ground for discussion for enterprise software-suite developers and data integration consultants, racing to add the compliance message to the list of standing reasons to drive down the prevalence of data stovepipes. "Ideally, the more a company can leverage integrated solutions, means perhaps less opportunity for error and more consistency across the board," Van Decker says. In much the same way as some companies have seized on the improved marketing-data quality that arose from a legislated need to honor privacy requests around such acts as Gramm-Leach-Bliley, SOX may ultimately provide the impetus to improve sales and service operations. "Initially this is certainly a back office issue, but it shows up in the front office as a competitiveness issue...how can you use what you know [about customers] to your advantage?" says Denis Pombriant, principal analyst at Beagle Research. Related articles: Managing Risk and Data: Two Key Drivers in the Global Financial Industry Compliance Comes to CRM How Can Companies Use CRM to Enforce Compliance Requirements?